Bump the cdk group across 1 directory with 2 updates

[dependabot]

Bumps the cdk group with 2 updates in the / directory: @guardian/cdk and aws-cdk.

Updates @guardian/cdk from 62.6.1 to 63.3.1

Release notes

Sourced from @​guardian/cdk's releases.

v63.3.1

Patch Changes

• b656328: Correct Riff-Raff project tag key to match the one previously introduced in guardian/riff-raff#1374: gu:riff-raff:project.

v63.3.0

Minor Changes

• a7726ad: Add a comment to generated riff-raff.yaml files for additional clarity.

v63.2.1

Patch Changes

• d2f2a3a: Update @aws-sdk/* dependencies.

v63.2.0

Minor Changes

• ac2348e: Fix warnings around childProcess.spawn and shell: true.

Patch Changes

• bc0f9b8: Bump the Cognito auth lambda runtime from PROVIDED_AL2 (deprecated) to PROVIDED_AL2023 in the GuEc2App pattern. No client changes needed.

v63.1.0

Minor Changes

• 3b98fea: Minor improvements to the GuDeveloperPolicy class to make it more intuitive for users.
  • path includes source repo name to help map the policy back from AWS to its source codebase.
  • path includes stack and stage as we have nowhere else to find it and this can help with identification.
  • friendlyName is now a required attribute that maps to the managed policy's description.
  • The policy must have at least one statement.
  • permission attribute is now called grantId to match with the corresponding Janus structure.

v63.0.1

Patch Changes

• 1ff04c8: Introduce a withoutPolicyChecks flag to GuDeveloperPolicy properties so that the check can be turned off.

  Provide instructions for use of that flag in the "overbroad" action/resource error text.

  This enables teams to use fully wildcarded actions and resources when needed, but also provides information in cloudformation metadata to allow us to track the usage of that switch in order to study how often this is needed.

v63.0.0

Major Changes

• c6e30e1: Support generating multiple riff-raff.yaml files. To do this, set the riffRaffProjectName property of a GuStack.

... (truncated)

Changelog

Sourced from @​guardian/cdk's changelog.

63.3.1

Patch Changes

• b656328: Correct Riff-Raff project tag key to match the one previously introduced in guardian/riff-raff#1374: gu:riff-raff:project.

63.3.0

Minor Changes

• a7726ad: Add a comment to generated riff-raff.yaml files for additional clarity.

63.2.1

Patch Changes

• d2f2a3a: Update @aws-sdk/* dependencies.

63.2.0

Minor Changes

• ac2348e: Fix warnings around childProcess.spawn and shell: true.

Patch Changes

• bc0f9b8: Bump the Cognito auth lambda runtime from PROVIDED_AL2 (deprecated) to PROVIDED_AL2023 in the GuEc2App pattern. No client changes needed.

63.1.0

Minor Changes

• 3b98fea: Minor improvements to the GuDeveloperPolicy class to make it more intuitive for users.
  • path includes source repo name to help map the policy back from AWS to its source codebase.
  • path includes stack and stage as we have nowhere else to find it and this can help with identification.
  • friendlyName is now a required attribute that maps to the managed policy's description.
  • The policy must have at least one statement.
  • permission attribute is now called grantId to match with the corresponding Janus structure.

63.0.1

Patch Changes

• 1ff04c8: Introduce a withoutPolicyChecks flag to GuDeveloperPolicy properties so that the check can be turned off.

  Provide instructions for use of that flag in the "overbroad" action/resource error text.

  This enables teams to use fully wildcarded actions and resources when needed, but also provides information in cloudformation metadata to allow us to track the usage of that switch in order to study how often this is

... (truncated)

Commits

• 50ceac8 Merge pull request #2907 from guardian/changeset-release/main
• 5da8ba0 Bump package version
• a4c0940 Merge pull request #2906 from guardian/aa/riff-raff-tag
• b656328 fix: Correct Riff-Raff project tag key
• 16d1afc Merge pull request #2902 from guardian/dependabot/npm_and_yarn/fast-xml-build...
• 4a8ab46 chore(deps): bump fast-xml-builder from 1.1.5 to 1.2.0
• a6c0652 Merge pull request #2901 from guardian/add-devx-reliability-owners-1777543115
• 1cd16b4 Add .github/CODEOWNERS file for devx-reliability-and-ops team
• bcf8aa4 Merge pull request #2899 from guardian/changeset-release/main
• 3d3d4f4 Bump package version
• Additional commits viewable in compare view

Updates aws-cdk from 2.1115.1 to 2.1124.1

Release notes

Sourced from aws-cdk's releases.

aws-cdk@v2.1124.1

2.1124.1 (2026-05-20)

Bug Fixes

• cli: resolve command aliases in unknown options check (#1536) (791408c)

aws-cdk@v2.1124.0

2.1124.0 (2026-05-20)

Features

• deps: upgrade aws-cdk-lib (#1532) (0920b78)

aws-cdk@v2.1123.0

2.1123.0 (2026-05-19)

Features

• cli: add --region as a global CLI option (#1506) (ae2349b), closes #928
• cli: warn on unrecognized CLI options (#1514) (abd4f4c)

Bug Fixes

• cloud-assembly-api: widen jsonschema range to fix npm ci on npm 11 (#1529) (de82699), closes #61 #37721 #61

aws-cdk@v2.1122.0

2.1122.0 (2026-05-14)

Features

• CLI send in performance profile if emitted by app (#1478) (1ea1ae7)
• deps: upgrade aws-cdk-lib (#1481) (d007567)
• deps: upgrade aws-cdk-lib (#1493) (36cbfd3)
• deps: upgrade aws-cdk-lib (#1509) (bf04a33)

Bug Fixes

• remove uuid dependency in favor of node:crypto (#1511) (85751e5)

... (truncated)

Commits

• 791408c fix(cli): resolve command aliases in unknown options check (#1536)
• 0920b78 feat(deps): upgrade aws-cdk-lib (#1532)
• de82699 fix(cloud-assembly-api): widen jsonschema range to fix npm ci on npm 11 (#1529)
• abd4f4c feat(cli): warn on unrecognized CLI options (#1514)
• 319e3a8 chore(deps): bump @​aws-sdk/client-appsync from 3.1041.0 to 3.1045.0 (#1520)
• 9165482 chore(deps): upgrade dependencies (#1518)
• ae2349b feat(cli): add --region as a global CLI option (#1506)
• c8f270c chore(deps): fix release workflow and upgrade dependencies (#1513)
• 85751e5 fix: remove uuid dependency in favor of node:crypto (#1511)
• d5f6022 refactor(toolkit-lib): use stack/changeset ARNs for CloudFormation API calls ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Hello 👋! When you're ready to run Chromatic, please apply the run_chromatic label to this PR.

You will need to reapply the label each time you want to run Chromatic.

Click here to see the Chromatic project.